Everything got broken. selinux-policy-targeted-1.17.30-2.90

Omri Schwarz ocschwar at MIT.EDU
Wed Mar 30 16:25:47 UTC 2005

(Sorry if I break the threading, but my subscription has not kicked in.)

Stephen Smalley says:

On Wed, 2005-03-30 at 00:56 -0500, Omri Schwarz wrote:
>> Right now I have a machine that is using selinux-policy-targeted-1.17.30-2.9
>> oarch.rpm, and I suffer from the same errors:
>> # /usr/sbin/getenforce
>> getenforce:  getenforce() failed
>> ]# /usr/sbin/getsebool -a
>> getsebool: booleans.c:48: security_get_boolean_names: Assertion 
>> failed.
>> Aborted
>> # cat /selinux/enforce
>> 1

>What does 'id' show?  What is in your /etc/selinux/config file?

% more /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.

% id
uid=10204(omri) gid=101(cdrecording) groups=0(root),48(apache),101(cdrecording)

>> Mar 30 00:55:15 HOST kernel: audit(1112162115.873:0): avc:  denied  { 
search }
>> for  pid=6178 exe=/sbin/portmap name=etc dev=hda3 ino=229377 
>> scontext=root:system_r:portmap_t tcontext=system_u:object_r:home_root_t 
>> tclass=dir

>/etc certainly shouldn't be labeled home_root_t. /sbin/fixfiles restore?



% ls -lZ /
drwxr-xr-x  root     root     system_u:object_r:bin_t          bin
drwxr-xr-x  root     root     system_u:object_r:boot_t         boot
drwxr-xr-x  root     root     system_u:object_r:device_t       dev
drwxr-xr-x  root     root     system_u:object_r:home_root_t    etc
drwxr-xr-x  root     root     system_u:object_r:home_root_t    home
drwxr-xr-x  root     root     system_u:object_r:root_t         initrd
drwxr-xr-x  root     root     system_u:object_r:lib_t          lib
drwx------  root     root     system_u:object_r:lost_found_t   lost+found
drwxr-xr-x  root     root     system_u:object_r:mnt_t          media
drwxr-xr-x  root     root     system_u:object_r:default_t      misc
drwxr-xr-x  root     root     system_u:object_r:mnt_t          mnt
drwxr-xr-x  root     root                                      nfs
drwxr-xr-x  root     root     system_u:object_r:usr_t          opt
dr-xr-xr-x  root     root                                      proc
drwxr-x---  root     root     root:object_r:user_home_dir_t    root
drwxr-xr-x  root     root     system_u:object_r:sbin_t         sbin
drwxr-xr-x  root     root                                      selinux
drwxr-xr-x  root     root     system_u:object_r:default_t      srv
drwxr-xr-x  root     root                                      sys
drwxr-xr-x  root     root     system_u:object_r:default_t      tftpboot
drwxrwxrwt  root     root     system_u:object_r:tmp_t          tmp
drwxr-xr-x  root     root     system_u:object_r:usr_t          usr
drwxr-xr-x  root     root     system_u:object_r:var_t          var

More information about the fedora-selinux-list mailing list